Running a business is a risk, no matter how you look at it. You risk your money, time, and other resources to build something awesome. If you’re a business owner, you know that risk isn’t necessarily a bad thing. Like we all say, it’s about the reward at the end, right? Running a business can be incredibly rewarding.
One way to ensure that running your business continues to be rewarding is to constantly analyze and manage your risk. If you take well-understood and well-managed risks, you can greatly reduce the chances of something bad happening to the business you worked so hard to build. But as we’ve been talking to Denver businesses about their IT strategy, we continue to find one gaping hole: data security. With today’s consumers being hyper-aware of where their personal data goes, data security is a major liability for all businesses, yet it is often overlooked.
Depending on the type of data you collect from your customers, and who your customers are, simply being in possession of that data is a risk. Improperly handling data can hurt your reputation or lead to civil and/or criminal liability! Like all the other risks involved in running your business, this is not necessarily a bad thing. Risks are a part of business ownership; we just have to ensure that we properly manage them. In this article, we’ll give you some simple tips to manage this risk!
Five Simple Steps to Manage Your Data Risk
1. Know What You’re Collecting and Why
Before you can decide how your data needs to be protected, you need to know what your data is. To establish this, look at all of your business processes, from marketing to onboarding to delivery. In the end, you should have a comprehensive list of the types of data you are collecting.
2. Limit What You Collect
Now that you know what data you’re collecting, you need to figure out what data you actually need to collect and save. For example, we recently helped a not-for-profit client discover that they were storing social security numbers. Obviously, that’s an extremely high-risk piece of data to store. However, it turns out that they did not need to save this data. So, instead of building protections around this sensitive data they didn’t need, they simply stopped storing it and deleted it. By collecting only what you need to do your best work for your customers, you’ve already significantly limited your risk exposure.
3. Sort and Classify Your Data
Using your inventory of data, come up with a list of “classifications” that accurately represent the levels of risk for different types of data. In our own organization, we have classifications for “non-sensitive” data such as marketing materials like this post, and then a few different classifications for confidential information. For example, passwords we maintain for our clients are stored using very stringent policies and technologies to ensure that the data is protected.
Once you’ve established your own system of classifications, you need to separate your data. This may mean using technologies like Azure Information Protection (included with Stellar IT), or simply storing your marketing data in a separate area from your operations data. By separating your newly categorized data, you’ll be ready for the next step.
4. Limit Access
This is arguably one of the most critical things you can do. Chances are that your entire team does not need access to all of your data to do their jobs. So in this step, you need to evaluate which team members need access to what data and restrict their access appropriately.
5. Apply Proper Protection
During this step, you need to protect the sensitive data you hold. This varies depending on what type of data you’re protecting, but most often includes steps such as:
- Implement policies and procedures your team can follow to protect the data
- Train your team on protecting your company from modern threats (on an ongoing basis)
- Implement technical safeguards like mobile device policies and disk encryption
These five steps will get you well on your way to limiting and managing the risks you take by collecting and storing data. If you need help taking these steps, then our Stellar IT service is just for you. This IT as a Service offering implements all of these critical protection aspects, and so much more.